Header Right

How to Protect Your Blog from Hackers

Note from Kevin: This post is written by Cassie Phillips of Secure Thoughts. Cassie is going to share with us tips for securing our blogs. Read Cassie’s ideas and, when you’re finished, be sure to leave her a comment!

Your blog is one of the most important things in the world to you. It is the way that you communicate with the outside world, share your passions, and potentially even make your income.

There are other people out there who do not feel the same way.

These hackers want to take your blog and use it for profit by either spamming ad-filled posts on your blog or using your subscriber lists for their criminal purposes.

If your blog is taken over by a hacker, not only might you lose your blog, you might lose some of your readership and your reputation. It is worth any inconvenience to make sure this doesn’t happen.

The Basics

What goes for the rest of the internet doesn’t change for your blog. Many of the threats to your computer can affect your blog as well, so you have to maintain a constant vigilance on both fronts. Know these basics and know them well.

Passwords and Usernames

While it may be convenient for you to have a simple password such as “Password123” or something similar, hackers will be able to crack such a password in five minutes on a slow day. You need something better with different types of characters, no words in the dictionary, and enough characters to keep the number of possibilities high (at least 10). Once you commit a good one to memory, you won’t care so much about the hassle, and it will get easier to remember a new one each time you change it.

If you are looking for some examples of what a good password looks like, check out the listed examples below:

Typ561Tesert?

M0O0Nrare!

J0hnsm1TH

!Pra531cTiCal

As for your username, this naturally won’t be as well protected, but there are steps you can take. The biggest one is not using “Admin” as your username.

Many different exploits and attacks hackers use will start on the premise that Admin is a username or profile name on the website, so if you’re using it you’ve made their job a lot easier. Other than this, just make sure not to hand your username out to everyone. Keep it as safe as your password.

Security Software

Your computer is linked to your blog, and there is nothing you can do to change that. If your computer is attacked, consider your blog attacked as well. Any cookies or saved passwords on your device could be stolen and used to gain access to your blog.

You need security software on all of your devices, and you need to make sure it is updated consistently. There are both free programs and premium programs available. Some of the better free products include Panda Free Antivirus, AVG Free Antivirus, and Avira. Some of the best premium programs and brands include Norton, McAfee, and Kaspersky Total Security.

Each have their benefits and disadvantages (for example, Kaspersky is the most expensive, but has every feature you could want), and you will have to decide what is in your budget and most compatible with your needs. Consider it an investment in your blog’s survival.

Email Security

Where your blog is concerned, your email security is of equal importance to your general computer security. If a hacker manages to get into your email account, they can pretty easily find your password and/or your username. This is in addition to the many other problems you will have to deal with when your email is hacked (such as potential identity theft).

This is why your email should be the most protected account you have. If you are particularly cautious, you will want to create a separate email for blogging purposes. You can also use it as a separate contact point for readers so you can more easily organize your emails. A second email address is free and easy to start, so there is no disadvantage to setting one up (other than time).

In addition to this, you will want a strong password (see the tips outlined earlier). Your email account might also have other verification options such as a security image or security question you have to answer whenever you log in on a new device. Take any and all of these options, and note that you don’t have to share your email with everyone you meet.

Platforms, Tools, and Plugins

A strong webpage is your first line of defense against potential hackers. Hackers aren’t necessarily lazy, but they are opportunistic and will attack the weakest blog they see. If your blog looks dated, it’s security is probably dated, too. Try to think how a predator thinks, and then take measures that will ward them off. Try to do this from a holistic viewpoint, taking into consideration the platform, the base blog, and any plugins you have installed.

Security Tools and Add-ons

Most blogging platforms, WordPress especially among them, have a lot of tools and plugins available to users in order to make your website more secure. Let us take a look at some of the most popular and useful ones:

Acunetix WP Security Scan is one of the first plugins you should download for your blog. Once activated, it will scan your blog and design for any potential security holes and then recommend fixes for you. It is continually improving and is a great introduction to WordPress security.

WordFence is likely the most popular and well-known of all the plugins for WordPress right now. The plugin scans the coding of your website, then optimizes your security and allegedly makes it up to fifty times faster. It has some of the best blocking features (you can block entire networks), will scan for both common and not-so-common holes and leaks, and has a firewall. There is a premium option that is great, but the free option is more than enough to protect your blog from most threats.

Sucuri Security is a plugin from a company that specializes in auditing and internet security. It will incorporate many different blacklist engines onto your blog to protect it, and it has a ton of monitoring features available so you can know every last thing about the security and activity on your site. It is a fantastic all-around security application.

Brute Force Login Protection is probably your best bet if you are being targeted with a botnet attack or, as the name suggests, a brute force attack. Since most of these types of attacks are automated, you need a good level of protection that will work automatically for you, and this plugin will block the IP address of a hacker who tries to log in too many times. You can even get an email when this happens so that you are aware of the frequency of attacks on your site.

Whatever security plugins you choose, be sure to research them thoroughly. Many options are either out of date or malware in disguise and will give you a false sense of security. In the worst case scenario, you could even be giving hackers a front door method into attacking your blog. Doing your homework will save you a lot of money in the long run.

Tip from Kevin: Stick to plugins found in the official WordPress directory. You’ll be able to see when a plugin was last updated, whether it’s compatible with the latest version of WordPress, how often its developers answer “support” questions, and the star rating other users have given it. Plus, all the plugins are free. I like free.

A final tip regarding this is to take an hour or so every few months to review any applications you might be using on your blog. If they are outdated, don’t hesitate to replace them. Cybersecurity evolves too quickly to be loyal to something that no longer works.

Use the Latest Version

If you are using WordPress or another hosting service which has multiple versions, make sure you are using the most recent one available. Hackers find a lot more security holes and problems in older versions of blogging platforms, and the hosts most likely do not support them nearly as much at their latest product.

If you can upgrade, do it now. There are few disadvantages to upgrading after the first month (where they get the bugs out), and you can take advantage of the other features offered.

Protecting Your Blog on the Go

Many bloggers love to travel or work from outside the home, and this is a great thing. It allows for new perspectives and a faster, more consistent rate of production. However, there are many risks while blogging on the go, and you need to be prepared for them with the right knowledge and the right tools.

Public Networks

When it comes to internet security in general, public networks are your worst enemy and a hacker’s best friend. While they are useful to many people who want to browse the internet for free, most people do not know the inherent lack of security many of them have.

The biggest problem with a public network is that it is really easy for anyone to intercept your data uploaded or downloaded on the network. Think of your computer as a broadcast tower. Anyone with a receiver and the knowledge to use it can pick up the signal. Unfortunately, the receivers aren’t expensive, and they’re pretty easy for even novice hackers to use.

When your data is picked up in this manner, it can easily be used against you. Try to imagine if your passwords and usernames were just broadcast unencrypted for someone to pick up. If you log in without protection, that is what will happen. Heaven forbid you try online banking or blog-related financial transactions.

Use a VPN

The best way to counter the problems of public networks is to use a Virtual Private Network (VPN) to defend yourself. What a VPN will do is connect your device via an encrypted connection to another server offsite. This connection can act as a tunnel and will mask your IP address, which will allow you a maximum level of security and privacy. Hackers won’t be able to know anything, even on a public network.

There are many different VPNs out there, and many of them are specialized. Doing some research on the subject will help you find out which to use to ward off hackers on public networks as well as stay private. If you want a decent one, you will have to pay a subscription fee, but it is well worth it compared to the questionable free ones out on the market.

If you travel to other countries or have to access sensitive data, then another important thing about VPNs should be noted. The fact they mask IP addresses and make it appear as if you are browsing in a different country means that you can bypass government censorship if you are in a restrictive country. This is necessary for bloggers who are reporting on risky subjects.

Secure Your Smartphone

If you are travelling or even walking around town, you should make sure your smartphone is on you at all times and you can feel it. There is a huge market for stolen smartphones, and pickpockets love to make profits off of them.

Your smartphone is likely connected to your blog, so if your smartphone gets stolen you need to make changing your password on it one of your first priorities. If a smartphone thief gets a blog to sell in addition to a new phone, you’ll have one more problem on your hands.

If you are worried about travelling with your smartphone, try leaving it in a safe place in the hotel if you don’t think you are going to need it, or place it on your person in a place a pickpocket won’t try to reach. One popular measure is to attach your smartphone to an arm strap that people like to use when working out and then wearing something over it.

Also, try to have some sort of verification measure set up on your phone so that not just anyone can open it. This can take the form of a passcode (that isn’t “1111”), a fingerprint verification, a voice command, or something else. Check to see what options your phone has available and pick the one that fits you and is the most secure.

Conclusion

To review, there are a lot of threats out there, but there are an equal number of defenses. You need to maintain an active and current website, have an adaptable and strong defense for all of your technology, and be even more wary when travelling.

The final and best tip is to simply use common sense when using your blog. If something doesn’t look or sound right, don’t get involved. Check out any inconsistencies immediately. Don’t trust anyone.

Thank you for reading. I hope you have a better knowledge of the ways your blog is vulnerable and the ways you can protect yourself from hackers.

[avatar email=”securethoughtscassie@gmail.com” size=”125″]About Cassie Phillips
Cassie is a writer and blogger who specializes in website and internet security for Secure Thoughts. Say hi to her on Google+ and Twitter.

Reader Interactions

Comments

The part I liked best was the section on securing your smartphone. Most of us wouldn’t even think about the impact on our blogs if our phone was lost or stolen, but you’re right… It would be a bad, bad thing.

You are very welcome, and thanks for having me. I hope I am able to help others as well. As for smartphones, we all think they are perfectly safe (especially if you have iPhone) and we forget about securing them (myself included). Thanks again!

Hey Cassie – you really got my attention on something I tend to ignore – the danger of public networks. Also, one of my clients is an insurance agency which sells Cyber Liability insurance. It’s pretty inexpensive. We just published a post for them about this topic which cited research that 70% of data breaches happen through small businesses.

Thank you for stopping by. I too have never heard of Cyber Liability insurance, but it makes sense in today’s world why you would need it. I think we all forget about public networks and how dangerous they can be, we see they have Wi-Fi and we get excited for the free internet, but someone else out there sees a free way to steal your personal information! Thanks again for reading.

Thank you for an excellent article on a topic that hadn’t even occurred to me! I’m preparing to launch my first blog, and of all the technology I’m struggling to get a handle on, site security wasn’t even on my radar — but thanks to you, it is now. Again, thank you!

And Kevin, kudos to you as well for securing such an important and relevant guest post. Like everything I’ve discovered on this site so far, this article added to my knowledge base (which, for a beginning blogger, is of a size that requires use of the Hubble telescope to be seen) and provided actionable steps I can use right now, both in my current work and as a guide to direct the ongoing learning process.

Glad to hear you’re about to launch your first blog. How exciting! Do you have a name yet? What’s your topic?

Thank you very much, Dawn! That’s very kind of you to say. I’m glad you’ve learned a lot through the posts you’ve read. We all started somewhere — don’t worry! You’ll be a savvy pro before you know it. 🙂

I hope you are having a great Thursday, Dawn. Hope to see you back here again real soon!

Thanks for your comment and kind words! I am glad I was able to help you. Congratulations on starting your new blog! Good luck with it. I personally think that the security aspects of running a blog are the easy part! Thanks again for reading.

Thanks Cassie for the great advice, I never knew that hackers may try to high jack your blog, that is good to know, and the tips are very good things to know. I will be taking better care of my blog from now on. Thank you. Veronica.

Yes, unfortunately hackers will try to get into anything they can if they think they can gain something from it. I am glad I was able to help you take care of your blog better. Thanks for stopping by and reading.

Been working too late at night. Thought you said in the email, “for keeping your blog safe in the hands of hackers.”

…and I was, “Is here serious?”

“Who in their right mind would…well, certainly NOT Kevin, cause he ain’t IN his right mind….more like left illusion or rubber-room-happy-place, i’ll tell ya that right now.”

Nice to know it was my own stupidity and bad eyesight and not your poor judgements that…

GOOOOD article, Cassie! Brilliant on you, little sister.

So glad you had more intelligence than the site owner, here. Keep it OUT of the hands of hackers. Good. Good.

Now if it was out of the hands of SNACKERS, well00then you’d totally won my heart.

I mean, I’d have been a little put off at first (I am a bit of a ‘fluffy’ fellow) but hey, sprinkle in a little twinkie highlights with the veggies, we’ll get along fine right there…

OKAY now…just woke up for a nap, here.

But of a mental shock, trying to jump into this conversat….

Ya know, neither of you are saying much here.

Hard to HAVE a conversation, where you’re the only person talking–you know that, don’t you?

Right.

*Yawwwwn*

Time for coffee.

…or perhaps T1Me-Fer-C0UGheee

See, I’ve learned new skills from you, Cassie.

(Thought I was asleep there, didn’t you….but nooooo, that yawn was to throw you off.)

Sad thing is, I’ve started WantedHero.com over a handful of times form scratch because of hackers. Kicked my butt and couldn’t reverse or salvage anything from the damage…so I’m going to tell EVERYone to LISTEN UP TO CASSIE!!

Don’t let 2-3 years of your labors be flushed down the toilet by stupid hackers.

Thanks for the laughs! But all joking aside, I am so sorry that your blog has been hacked so many times! That really is a drag to have to start all over again. With that being said, hackers will do everything they can to get into your blog, so do everything you can to make it secure. I am glad you learned something and I hope you will tell all of you blogging friends to listen up, because no one wants to put their blog in the hands of hackers….or do they? I wonder sometimes? Also, I agree with you about the snackers, but not the twinkies, I prefer ice cream or hohos, mmmm or girl scout cookies…

Hello Cassie,
This is really a very fabulous post. Security should always be of utmost concern to everyone not only in our homes alone but to everything that concerns us especially our source of income like our blogs.

My blog was once hacked and i knew how tedious it was for me to recover it back, this is not the kind of experience anyone will like to have.

All the tools you mentioned here are indeed very useful as far as blog security is concerned and I’m already making use of few of them.

I am so sorry that your blog was hacked. It really is horrible. And getting it back is even worse! I am glad you are using a few of these tools, I hope you start using some of the others to further protect your blog. Unfortunately, even if you use every possible measure, hackers will do anything to get into your blog if they think they have something to gain!

it’s always an important topic, and one that many bloggers or small biz owners are not aware of.
Taking care of a website’s security means to get informed about possible threats. Many less tech-inclined business owners don’t know what could possibly happen in an open network. Not in my wildest dream would I ever do online banking there.

You are absolutely right. Too many bloggers don’t think about the security of their blog or website. The ones that are most at risk are the ones who think their blog is just a small personal blog, and then one day it takes off and they have no security measures in place. They often think that blog security is something they don’t need to think about. I am glad you like the post and I hope it helps.

I have installed Wordfence on a couple of my websites and I am constantly amazed, astounded and horrified as to the number of attempts at hacking I get.

Maybe it’s just me…… perhaps my face is better suited to radio.

Or, maybe I am simply a relevant and fairly standard statistic in the big, bad world of internet nasty people who attempt to hack sites because they can.

Interestingly, most of the attempts at hacking my site(s) tend to come from Argentina (and quite a few from Israel) – or so Wordfence tells me. I don’t know why that is. I have nothing against Argentinians (or Israelies) but I am seriously considering blocking the entire country (and their relevant IP address range) from even visiting my site.

The actions of the few are potentially spoiling it for the many.

Thanks for the other plug in suggestions. I will investigate those a little further.